id: qdpm-info-leak info: name: qdPM 9.2 - DB Credentials Exposure author: gy741 severity: high description: qdPM 9.2 database credentials were discovered. reference: - https://www.exploit-db.com/exploits/50176 tags: qdpm,exposure,edb http: - method: GET path: - '{{BaseURL}}/core/config/databases.yml' matchers-condition: and matchers: - type: word part: body words: - 'dsn:' - 'username:' - 'password:' condition: and - type: status status: - 200 # Enhanced by mp on 2022/07/15